802.1x CISCO ACS

Topics: RADIUS, Extensible Authentication Protocol, AAA protocol Pages: 9 (1730 words) Published: April 27, 2014
Step-by-step Guide for Configuring Cisco® ACS server as the RADIUS with an External Windows Database
Table of Contents:
INTRODUCTION
GETTING STARTED
STEP-1: INTERFACE CONFIGURATION
STEP-2: NETWORK CONFIGURATION
STEP-3: SYSTEM CONFIGURATION
STEP 4: EXTERNAL USER DATABASE
STEP-5 REPORTS AND ACTIVITY
BIND YOUR AAA CLIENTS AND ACS SERVER TOGETHER WITH A SHARED SECRET

Introduction:
This is a simple step-by-step configuration for setting up a Cisco ACS server as the RADIUS server that grants secure network access to Intel AMT clients. The configuration here uses Windows AD as the external database for simplicity. The Cisco ACS server is configured to allow several popular RADIUS authentication protocols: EAP-PEAP, EAP-TLS and EAP-FAST. You can use this as a quick start guide for validating Intel AMT access to secure networks where Cisco ACS has been deployed as the RADIUS server. This configuration has been successfully used for validating wired and wireless access to AMT FW over secure networks in a simple environment with a single domain controller using SCCM SP1 & SP2 consoles.
It is assumed that the reader is familiar with the basic concepts of 802.1x networks, wireless and RADIUS protocols, the process used to create and install certificates, and other related aspects of AMT provisioning. Refer to other material available on the vPro Expert center for assistance with any of these topics.

For a high-level overview of navigating 802.1x networks with an AMT client, refer to my posting "Navigating Secure Networks with AMT Client": http://communities.intel.com/docs/DOC-3866

Getting Started:
To demonstrate our simple ACS configuration, we use a Windows 2003 virtual machine acting as Domain Controller, with DHCP, DNS, Microsoft CA and Cisco ACS 4.0 installed.
Start ACS Admin console: “Start/Program/Cisco ACS Admin 4.0/ACS Admin”

We will follow these five simple steps to configure the ACS server for validating customer scenarios for navigating secure networks using Intel AMT.

Step-1: Interface Configuration
Click on “Interface Configuration”, “Advanced Options” and un-check all options and click “Submit”. This will ensure that you do not have any advanced options and will facilitate simple configuration for your ACS server.

Step-2: Network Configuration
Click on “Network Configuration”.

Step2-A: Click on the existing installed AAA Server Name (“VPRODEMODC” in our case) and set a shared secret (key), “password1234”, between the server and the RADIUS clients that are defined in the next step.

Click “Submit + Apply”.
Note: If at any time you click “Submit” and get a message that the service needs to be restarted, click on “System Configuration”, “Service Control” and restart the service.

Step2-B: Under “Network Configuration”, click “Add Entry” to add an AAA client for wired access. Fill in the details for “AAA Client Hostname” and “IP Address”, and enter the same shared secret. Select the other settings as shown. Click “Submit + Apply”.

Step2-B: Under Network Configuration, Click Add Entry to add AAA client for Wireless access. Fill-in details for...